The best ICT security tools can be useless if staff don't use them - and crew from NZME has won a top award for overcoming just that problem.
An internal education effort to encourage staff across the NZME stable to report suspicious emails took out Best Security Awareness Campaign - NZME for its internal phishing education and awareness campaign. at the fifth annual Information Security Awards in Wellington last night.
NZME's campaign raised awareness of phishing by using humour, video, posters and a reporting button shaped as a fish and hook. It targeted 1900 staff across the Herald, provincial newspapers, OneRoof, YUDU, NewstalkZB, Radio Hauraki, ZM, The Hits and other NZME properties, and had impressive results.
Post-campaign, there was an 80 per cent increase in the number of staff reporting suspicious emails.
NZME Information Security Manager Patrick Blampied says the idea was born from morning coffee sessions with security analyst Stefan Kahn and NZME enterprise architect Simon Gianoutsos.
The Outlook phish button was indeed built by Stephen Geall with help from Russell Roach.
NZME's privacy committee expanded the idea into a full campaign, which internal communications manager Rowena D'Souza brought to life, working with the company's creative talent.
The annual iSANZ awards acknowledge those who are contributing to information security and cyber security - helping keep people and networks safe from malicious computer activity.
iSANZ Board Chair Kendra Ross says the awards are an important opportunity to inspire, promote and reflect on the hard work that goes on behind the scenes in our world-class information and cyber security sector.
"We've again been highly impressed by the accomplishments of all our entrants, finalists and winners. They are leaders in the information security field and number among some of the most skilled professionals anywhere."
Judges this year included world-renowned NZ computer scientist Peter Gutmann and GCSB Director Information Assurance and Cyber Security and National Cyber Security Centre Director Lisa Fong.
Other winners in the 2019 iSANZ Awards were:
Best Security Project / Initiative - healthAlliance for its Northern Region Secure USB Project.
healthAlliance introduced a new policy to reduce risks from unencrypted USB devices. 97 percent of PCs across the four Northern Region DHBs were secured to only accept secure USBs. The project saw over 8,000 secure USBs ordered through the region's procurement system.
Best Security Awareness Campaign - NZME for its internal phishing education and awareness campaign.
NZME's campaign raised awareness of phishing by using humour, video, posters and a reporting button shaped as a fish and hook. It targeted 1900 NZME staff and had impressive results. Post-campaign, there was an 80 per cent increase in the number of staff reporting suspicious emails.
Best Security Company - Defend Ltd.
Auckland-based Defend focuses on security assurance, vulnerability protection, detection and response. In only a few years' trading, the company has built a team of over 30 cyber security experts sited in Auckland, Wellington and the Midlands. It provides holistic information security services to nationally significant organisations and government departments.
Best Start-up or New Business - Darkscope.
Established in May 2018, Darkscope has expanded beyond NZ into Australia, the UK and Germany. The firm specialises in interrogating cyberspace to identify and quantify cyber risk for its clients. Roughly 70 per cent of its services are delivered via artificial intelligence.
Up and coming Cybersecurity Star - Ian White from ZX Security.
Ian is a relative newcomer to the world of information security - but in a few short years has been elevated to general manager at ZX Security. He has gained a reputation as an effective people and thought leader. He plays an active role in promoting the cyber security industry to high school and university students.
Hall of Fame Award - Dr Ian Graham.
Ian started out studying radio astronomy at the University of Cambridge. After moving to New Zealand in the mid 1980s, he had a long stint in academia at University of Waikato. He founded and led Endace - a computer network monitoring company set up to commercialise research begun at Waikato's Computer Science Department in the mid-90s.